wuaudit.exe trojan bitcoinminer and browser homepage redirects to v9.com

hello, i kinda need some help now that avast has detected and quarantined wuaudit.exe in my temp folder but in several minutes a new wuaudit.exe keeps appearing and being detected again, and i can't find the source that keeps creating wuaudit.exe after being deleted

and there’s possibly an adware that redirects all my browsers' homepages to v9.com, that might be caused by my sister installing some new games or programs recently without any awareness of viruses/adware/malware since avast is always on and updated

got rid of the adware that redirects my home page to v9.com after using adwcleaner :smiley:
attached the logs needed :slight_smile:

the aswMBR.txt :slight_smile:

malware removers are notified, it may take some time before they are online so be patient

hello

adwcleaner didn’t work, launch it again in safe mode

done :slight_smile:

oh i forgot perhaps this?

Monitoring

killed post

I had not seen that a colleague, g3n-h@ckm@n, has already taken the case.

ok we continue

==

execute what’s written here :

http://translate.google.fr/translate?sl=fr&tl=en&js=n&prev=_t&hl=fr&ie=UTF-8&u=http%3A%2F%2Fsecurity-helpzone.com%2Fgen-hackman%2Ftutos-canneds%2Fjunkware-removal-tool%2F

this :slight_smile:

do that please :

http://translate.google.fr/translate?sl=fr&tl=en&js=n&prev=_t&hl=fr&ie=UTF-8&u=http%3A%2F%2Fsecurity-helpzone.com%2Fgen-hackman%2Ftutos-canneds%2Fmalwarebytes%2F

done
kinda confused which button to press in french lol
but somehow managed through it ;D

oh, and the wuaudit.exe doesn't appear anymore since the first step with adwcleaner, and malwarebytes :smiley:

ok launch again OTL , but with these settings please

http://translate.google.fr/translate?sl=fr&tl=en&js=n&prev=_t&hl=fr&ie=UTF-8&u=http%3A%2F%2Fsecurity-helpzone.com%2Fgen-hackman%2Ftutos-canneds%2Fotl-2%2F

done, sorry for the long wait, i was too busy with assignments :cry:

hello

your paste in OTL isn’t normal.
some spaces came in and it didn’t work as I wished

would you like to do it again please, switching off your protections at the same time?

with no protection :slight_smile:

Attention!!!: Only these links are official; do not download the tool from other links!!
Attention!!!: this tool can be wrongly detected as a virus
Attention!!!: this tool is powerful; follow the instructions below scrupulously

All the "non-vital" Windows processes are going to be killed, so save your work. The desktop will switch off during the scan -> no panic.

Deactivate all your protections if possible, antivirus, sandbox, firewalls

Download and save Pre_Scan on your desktop:

http://services.service-webmaster.fr/cpt-clics/clics-30453-6820.html (renamed winlogon)

Or, if the link is not functional:

http://www.archive-host.com/files/1731274/ecd939269bcc7cdfed2d2e726c22709a32db3067/winlogon.exe (renamed winlogon)
http://www.security-helpzone.com/Tools/g3n/winlogon.exe (renamed winlogon)

If the tool is relaunched several times, it will offer you a menu; if no option is requested, launch the option "Scan|Kill"

If the tool is blocked by the infection, use this version with these other extensions:

http://www.security-helpzone.com/Tools/g3n/Pre_Scan.scr
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.pif
http://www.security-helpzone.com/Tools/g3n/Pre_Scan.com

If the tool detects a proxy and you did not install one, click "delete the proxy"

It is possible that black windows flash, let it work.

The tool is going to send the viruses it quarantined to a server so that I can study these infections in more depth.

Let the tool restart your computer.

Post Pre_Scan_date_hour.txt, which appears in the root of your system disk (generally C:)

DO NOT POST IT ON THE FORUM!!! it is too long

Host the report on http://cjoint.com, then give the link obtained
« Edited: Yesterday at 11:20:08 pm by g3n-h@ckm@n »

here :wink: